Remote browsing session management
Abstract
A process is directed to the generation and processing of server identification data by a network computing provider. A client computing device transmits data identifying a server associated with a content source. The identification data can include a digital certificate signed by a third-party certificate authority, a DNS record from a third-party DNS server, etc. The network computing provider comprises one or more physical computing devices for processing the identification data received from any number of client computing devices. The network computing provider can alert the client computing device, content source, or DNS server when erroneous or potentially fraudulent identification data is detected. The network computing provider can also store the identification data and provide content sources and DNS servers with access to the identification data received from client computing devices.
28 Claims
1. A computer-implemented method for detecting differences between digital certificates, the method comprising:
under the control of a server system comprising one or more hardware-based computer processors configured to execute specific instructions, wherein the server system is separate from a content source and a user computing device,
receiving, by the server system, a first certificate data from the user computing device, the first certificate data comprising a first digital certificate asserting the identity of the content source, wherein the first digital certificate is signed by a certificate authority, and wherein the first digital certificate was previously obtained by the user computing device in connection with a secure content request, originating from the user computing device, for content hosted by the content source; and
in response to receiving the first certificate data from the user computing device:
retrieving, by the server system, a second certificate data from the content source responsive to a request transmitted by the server system to the content source, the second certificate data comprising a second digital certificate identifying the same content source as the first digital certificate, the second digital certificate signed by a certificate authority; and
determining, by the server system, that the first digital certificate is fraudulent based at least partly on comparing the first certificate data to the second certificate data and identifying a difference.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for detecting differences between digital certificates, the system comprising:
a network computing provider comprising a network computing component executing on one or more physical network computing devices, wherein each physical network computing device comprises hardware configurable to execute specific computing instructions, the network computing component configured to:
receive a first certificate data from a user computing device, the first certificate data comprising a first digital certificate asserting the identity of a content source separate from the network computing provider and the user computing device, the first digital certificate signed by a certificate authority, wherein the first digital certificate was previously obtained by the user computing device in connection with a secure content request, originating from the user computing device, for content hosted by the content source;
receive a plurality of related certificate data from one or more other user computing devices separate from the user computing device, each of the related certificate data comprising a digital certificate asserting the identity of the same content source as the first certificate data, wherein each of the digital certificates of the related certificate data was previously obtained by a respective user computing device, of the one or more other user computing devices, in connection with a secure content request, originating from the respective user computing device, for content hosted by the content source;
determine representative certificate data from the plurality of related certificate data based at least partly on an analysis of the plurality of related certificate data; and
determine whether the first digital certificate is fraudulent based at least partly on a difference between the first certificate data and the representative certificate data.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A computer-implemented method for detecting differences between DNS records, the method comprising:
under the control of a network computing component executing on one or more physical computing components of a network computing provider, the physical computing components configured to execute specific instructions,
receiving, by the network computing component, a first DNS record from a user computing device, the first DNS record comprising a first IP address of a content source separate from the user computing device, wherein the first DNS record was previously obtained by the user computing device in connection with a content request, originating from the user computing device, for content hosted by the content source; and
in response to receiving the first DNS record from the user computing device:
receiving, by the network computing component, a second DNS record from a DNS server, the second DNS record comprising a second IP address of the same content source as the first DNS record; and
determining, by the network computing component, whether the first DNS record is fraudulent based at least partly on a difference between the first DNS record and the second DNS record.
Dependent claims: 20, 21, 22, 23, 24, 25
26. A system for detecting variances in server identification data, the system comprising:
a network computing provider comprising a network computing component executing on one or more physical network computing devices, wherein each physical network computing device comprises hardware configurable to execute specific computing instructions, the network computing component configured to:
receive a plurality of certificate data from a plurality of user computing devices, each of the plurality of certificate data comprising a digital certificate, signed by a certificate authority, asserting the identity of a content source separate from the plurality of user computing devices and separate from the network computing provider, wherein each of the digital certificates of the plurality of certificate data was previously obtained by a respective user computing device of the plurality of user computing devices in connection with a secure content request, originating from the respective user computing device, for content hosted by the content source;
store, in an electronic data store, the plurality of certificate data received from the plurality of user computing devices; and
provide access to at least a portion of the plurality of certificate data stored in the electronic data store, wherein the access is provided to the content source and wherein the portion of the plurality of certificate data is associated with the content source.
Dependent claims: 27, 28
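The comparisons recited in claims 1 and 10, sketched as an added Python example that is not taken from the patent or from any implementation of it. The function names, the verdict labels, the quorum thresholds and the byte strings standing in for DER-encoded certificates are all assumptions made for illustration.

```python
import hashlib
from collections import Counter

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding of a certificate."""
    return hashlib.sha256(der).hexdigest()

def representative(peer_ders, min_reports=3, min_share=0.6):
    """Claim 10: choose the certificate most other clients reported for the
    same content source. Returns its fingerprint, or None when the reports
    are too few or too evenly split to call any one representative."""
    counts = Counter(fingerprint(d) for d in peer_ders)
    total = sum(counts.values())
    if total < min_reports:
        return None
    fp, n = counts.most_common(1)[0]
    return fp if n / total >= min_share else None

def assess(client_der, origin_der=None, peer_ders=()):
    """Compare a client-reported certificate with the provider's own fetch
    from the content source (claim 1) and with the representative
    certificate derived from other clients (claim 10)."""
    seen = fingerprint(client_der)
    checks = {}
    if origin_der is not None:
        checks["origin"] = seen == fingerprint(origin_der)
    rep = representative(list(peer_ders))
    if rep is not None:
        checks["peers"] = seen == rep
    if not checks:
        verdict = "insufficient-data"
    elif all(checks.values()):
        verdict = "consistent"
    elif not any(checks.values()):
        verdict = "suspect"   # differs from every reference the provider has
    else:
        verdict = "review"    # references disagree, e.g. a renewal in progress
    return {"fingerprint": seen, "checks": checks, "verdict": verdict}

# Constructed byte strings standing in for DER-encoded certificates.
GENUINE = b"constructed-der:shop.example:issuer-A"
ROTATED = b"constructed-der:shop.example:issuer-A:renewed"
INTERCEPT = b"constructed-der:shop.example:issuer-X"
PEERS = [GENUINE, GENUINE, GENUINE, ROTATED]

if __name__ == "__main__":
    for name, der in [("genuine", GENUINE), ("intercept", INTERCEPT)]:
        print(name, assess(der, origin_der=GENUINE, peer_ders=PEERS)["verdict"])
```

A difference alone is a signal rather than proof, which matches the claims' "based at least partly" wording: a source that has just renewed its certificate, or that serves different certificates from different endpoints, produces the "review" outcome instead of "suspect".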
Specification